Search in sources :

Example 21 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PKCS10CertificateSigningRequestTestCase method testVerifySignatureInvalidSignature.

/**
 * Tests the behavior of the {@code verifySignature} method with an invalid
 * signature.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureInvalidSignature() throws Exception {
    final KeyPairGenerator keyPairGenerator = CryptoHelper.getKeyPairGenerator("RSA");
    keyPairGenerator.initialize(2048);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PKCS10CertificateSigningRequest csr = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, keyPair, new DN("CN=ldap.example.com,O=Example Corporation,C=US"), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
    final X509CertificateExtension[] extensions = new X509CertificateExtension[csr.getExtensions().size()];
    csr.getExtensions().toArray(extensions);
    csr = new PKCS10CertificateSigningRequest(csr.getVersion(), csr.getSignatureAlgorithmOID(), null, new ASN1BitString(ASN1BitString.getBitsForBytes(new byte[256])), csr.getSubjectDN(), csr.getPublicKeyAlgorithmOID(), csr.getPublicKeyAlgorithmParameters(), csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), null, extensions);
    csr.verifySignature();
}
Also used : KeyPair(java.security.KeyPair) DN(com.unboundid.ldap.sdk.DN) KeyPairGenerator(java.security.KeyPairGenerator) ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)

Example 22 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PKCS10CertificateSigningRequestTestCase method testVerifySignatureMalformedSignature.

/**
 * Tests the behavior of the {@code verifySignature} method with a signature
 * that isn't formatted properly.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureMalformedSignature() throws Exception {
    final KeyPairGenerator keyPairGenerator = CryptoHelper.getKeyPairGenerator("RSA");
    keyPairGenerator.initialize(2048);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PKCS10CertificateSigningRequest csr = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, keyPair, new DN("CN=ldap.example.com,O=Example Corporation,C=US"), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
    final X509CertificateExtension[] extensions = new X509CertificateExtension[csr.getExtensions().size()];
    csr.getExtensions().toArray(extensions);
    csr = new PKCS10CertificateSigningRequest(csr.getVersion(), csr.getSignatureAlgorithmOID(), null, new ASN1BitString(true, false, true, false, true), csr.getSubjectDN(), csr.getPublicKeyAlgorithmOID(), null, csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), null, extensions);
    csr.verifySignature();
}
Also used : KeyPair(java.security.KeyPair) DN(com.unboundid.ldap.sdk.DN) KeyPairGenerator(java.security.KeyPairGenerator) ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)

Example 23 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class CRLDistributionPointRevocationReasonTestCase method testEmptySet.

/**
 * Tests the behavior when trying to decode a bit string with no bits set.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testEmptySet() throws Exception {
    final boolean[] noBits = new boolean[0];
    assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(noBits)));
    assertTrue(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(noBits)).isEmpty());
    final boolean[] correctNumberOfBits = new boolean[CRLDistributionPointRevocationReason.values().length];
    Arrays.fill(correctNumberOfBits, false);
    assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)));
    assertTrue(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)).isEmpty());
    final boolean[] moreBitsThanNecessary = new boolean[100];
    Arrays.fill(moreBitsThanNecessary, false);
    assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)));
    assertTrue(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)).isEmpty());
}
Also used : ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)

Example 24 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PKCS8PrivateKeyTestCase method testAllElementsEC.

/**
 * Tests a private key with a minimal set of elements that uses the elliptic
 * curve algorithm.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAllElementsEC() throws Exception {
    final EllipticCurvePrivateKey ecPrivateKey = new EllipticCurvePrivateKey(1, new byte[32], NamedCurve.SECP256R1.getOID(), new ASN1BitString(new boolean[256]));
    PKCS8PrivateKey privateKey = new PKCS8PrivateKey(PKCS8PrivateKeyVersion.V2, PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()), ecPrivateKey.encode(), ecPrivateKey, new ASN1OctetString("attributes"), new ASN1BitString(new boolean[256]));
    assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
    privateKey = new PKCS8PrivateKey(privateKey.encode().encode());
    assertNotNull(privateKey.getVersion());
    assertEquals(privateKey.getVersion(), PKCS8PrivateKeyVersion.V2);
    assertNotNull(privateKey.getPrivateKeyAlgorithmOID());
    assertEquals(privateKey.getPrivateKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
    assertNotNull(privateKey.getPrivateKeyAlgorithmName());
    assertEquals(privateKey.getPrivateKeyAlgorithmName(), "EC");
    assertNotNull(privateKey.getPrivateKeyAlgorithmNameOrOID());
    assertEquals(privateKey.getPrivateKeyAlgorithmNameOrOID(), "EC");
    assertNotNull(privateKey.getPrivateKeyAlgorithmParameters());
    assertEquals(privateKey.getPrivateKeyAlgorithmParameters().decodeAsObjectIdentifier().getOID(), NamedCurve.SECP256R1.getOID());
    assertNotNull(privateKey.getEncodedPrivateKey());
    assertEquals(privateKey.getEncodedPrivateKey().getValue(), ecPrivateKey.encode().getValue());
    assertNotNull(privateKey.getDecodedPrivateKey());
    assertTrue(privateKey.getDecodedPrivateKey() instanceof EllipticCurvePrivateKey);
    final EllipticCurvePrivateKey decodedPrivateKey = (EllipticCurvePrivateKey) privateKey.getDecodedPrivateKey();
    assertEquals(decodedPrivateKey.getVersion(), 1);
    assertEquals(decodedPrivateKey.getPrivateKeyBytes(), new byte[32]);
    assertEquals(decodedPrivateKey.getNamedCurveOID(), NamedCurve.SECP256R1.getOID());
    assertEquals(decodedPrivateKey.getPublicKey().getBytes(), new ASN1BitString(new boolean[256]).getBytes());
    assertNotNull(privateKey.getAttributesElement());
    assertEquals(privateKey.getAttributesElement().getValue(), new ASN1OctetString("attributes").getValue());
    assertNotNull(privateKey.getPublicKey());
    assertEquals(privateKey.getPublicKey().getBytes(), new ASN1BitString(new boolean[256]).getBytes());
    assertNotNull(privateKey.toString());
    assertNotNull(privateKey.toPEM());
    assertFalse(privateKey.toPEM().isEmpty());
    assertNotNull(privateKey.toPEMString());
    assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) Test(org.testng.annotations.Test)

Example 25 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class InternalCertHelperTestCase method testCreatePKCS10CertificateSigningRequest.

/**
 * Provides test coverage for the
 * {@code createPKCS10CertificateSigningRequest} method.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testCreatePKCS10CertificateSigningRequest() throws Exception {
    final byte[] modulusBytes = new byte[256];
    modulusBytes[0] = 0x40;
    modulusBytes[255] = 0x01;
    final BigInteger modulus = new BigInteger(modulusBytes);
    final BigInteger exponent = BigInteger.valueOf(65537L);
    final RSAPublicKey publicKey = new RSAPublicKey(modulus, exponent);
    final PKCS10CertificateSigningRequest csr = InternalCertHelper.createPKCS10CertificateSigningRequest(PKCS10CertificateSigningRequestVersion.V1, SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), null, new ASN1BitString(true, false, true, false, true), new DN("CN=ldap.example.com,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), null, publicKey.encode(), null, null);
    assertNotNull(csr.getVersion());
    assertEquals(csr.getVersion(), PKCS10CertificateSigningRequestVersion.V1);
    assertNotNull(csr.getSignatureAlgorithmOID());
    assertEquals(csr.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID());
    assertNotNull(csr.getSignatureAlgorithmName());
    assertEquals(csr.getSignatureAlgorithmName(), "SHA-256 with RSA");
    assertNotNull(csr.getSignatureAlgorithmNameOrOID());
    assertEquals(csr.getSignatureAlgorithmNameOrOID(), "SHA-256 with RSA");
    assertNull(csr.getSignatureAlgorithmParameters());
    assertNotNull(csr.getSubjectDN());
    assertEquals(csr.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corporation,C=US"));
    assertNotNull(csr.getPublicKeyAlgorithmOID());
    assertEquals(csr.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.RSA.getOID());
    assertNotNull(csr.getPublicKeyAlgorithmName());
    assertEquals(csr.getPublicKeyAlgorithmName(), "RSA");
    assertNotNull(csr.getPublicKeyAlgorithmNameOrOID());
    assertEquals(csr.getPublicKeyAlgorithmNameOrOID(), "RSA");
    assertNull(csr.getPublicKeyAlgorithmParameters());
    assertNotNull(csr.getEncodedPublicKey());
    assertNotNull(csr.getRequestAttributes());
    assertTrue(csr.getRequestAttributes().isEmpty());
    assertNotNull(csr.getExtensions());
    assertTrue(csr.getExtensions().isEmpty());
    assertNotNull(csr.getSignatureValue());
    assertNotNull(csr.toString());
    assertNotNull(csr.toPEM());
    assertFalse(csr.toPEM().isEmpty());
    assertNotNull(csr.toPEMString());
}
Also used : BigInteger(java.math.BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)

Aggregations

ASN1BitString (com.unboundid.asn1.ASN1BitString)72 Test (org.testng.annotations.Test)62 DN (com.unboundid.ldap.sdk.DN)49 ASN1Null (com.unboundid.asn1.ASN1Null)36 OID (com.unboundid.util.OID)33 ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)26 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)25 ASN1Sequence (com.unboundid.asn1.ASN1Sequence)24 ASN1Element (com.unboundid.asn1.ASN1Element)23 ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)22 ASN1Integer (com.unboundid.asn1.ASN1Integer)20 IOException (java.io.IOException)16 ASN1BitString (com.github.zhenwei.core.asn1.ASN1BitString)14 ASN1BitString (org.bouncycastle.asn1.ASN1BitString)11 BigInteger (java.math.BigInteger)10 ArrayList (java.util.ArrayList)10 ASN1GeneralizedTime (com.unboundid.asn1.ASN1GeneralizedTime)9 NotNull (com.unboundid.util.NotNull)9 Date (java.util.Date)8 KeyPair (java.security.KeyPair)7